Found the answer http://publib.boulder.ibm.com/infocenter/wsdoc400/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/cweb_sfilt.html
need to add extra DISPATCHER entries to the filter-mapping to ensure that it is called in forward; Forward is done as part of security... Now I just need to figure out why I get a session timeout upon success. "hv @ Fashion Content" <[EMAIL PROTECTED]> skrev i en meddelelse news:[EMAIL PROTECTED] >I have set up the standard form authentication which posts to the url >'/j_security_check' with two forms > Home.htm and AccessDenied.htm. > > If I fail log in > 1) The sitewide filter is not called upon receiving the j_security_check > POST > 2) It does determine the failure and chains to Home.htm > 3) It doesn't call the sitewide filter before servicing Home.htm > 4) It loads Tapestry ApplicationServlet with servlet path /Home.htm > > I have a sitewide filter mapping '/*' so all requests should pass through > it. > > Shouldn't they ? > > Henrik --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]